This Privacy Policy applies to all users of the 100facets platform, whether you are using the platform directly, as part of a company service, or through educational/consulting programs. It outlines how we collect, use, and protect your personal data, and your rights regarding your data.

1. Platform Provider and Data Protection Contact

100facets Whylab Trusted Solutions SARL Av. Victor Ruffy 18, 1012 Lausanne, Switzerland Email: [email protected] Data Protection Officer (DPO): Mohamad Razaghi

In certain contexts, your company or the educational/consulting institution sponsoring your use of the platform may be the Data Controller of your personal data. In such cases, 100facets acts as a Data Processor.

For more details on how data responsibilities are divided, refer to our Terms of Use.

2. Data Collection

100facets collects the following types of data:

a. Personal Information

Name, email, and other details provided during registration, such as seniority level, preferred language, age, years of experience, and phone number.

b. Assessment Data

Feedback, ratings, and other data collected during assessments.

c. Behavioral Data

Data about your interactions with the platform (e.g., time spent on tasks, features used).

d. Payment Information

For users subscribing to paid services, payment details are collected for processing.

Important: The platform is designed for educational and personal development purposes only. Users should not provide any sensitive personal data (e.g., health data, financial information) or confidential business information (e.g., proprietary business plans, project details, or trade secrets).

3. Data Usage

The data we collect is used for the following purposes:

a. Personalized Insights

Delivering customized reports and insights based on the data you provide during assessments.

b. Communication

Informing you about new features, updates, or service-related announcements.

c. Payment Processing

To process payments for subscription services.

d. Research & Development

Anonymous and aggregated data may be used for research, benchmarking, and improving the platform after the service is completed. This data will not contain any personal identifiers.

e. Compliance

Ensuring compliance with legal obligations (e.g., GDPR, FADP).

For more information on how we handle your data, please see our Terms of Use.

4. Cookies

We only use essential cookies to provide our platform and deliver the core services. These essential cookies enable necessary features such as login sessions, data security, and functionality that allows the platform to work as expected.

We do not use marketing cookies or third-party cookies for tracking purposes. You can manage your cookie preferences through your browser settings, though disabling essential cookies may impact your ability to use the platform.

5. Data Rights and Management

a. Direct Users (No Company Involved)

If you are using the platform directly, you are the Data Controller of your personal data. You can access, modify, or delete your personal data directly through the platform’s user interface. When you delete your account, your data will be permanently erased, except for anonymous data retained for research and benchmarking purposes.

b. Company Users (Using the Platform via Employer)

If your employer has purchased access to the platform, the Company is the Data Controller, and 100facets acts as the Data Processor. You can still access, modify, or delete your personal data through the platform’s user interface. However, final decisions on data deletion (including complete account deletion) must be approved by your employer, as they retain overall control of your data. 100facets facilitates these functionalities but will notify your employer if you submit requests for data deletion.

c. Educational/Consulting Program Participants

If you are using the platform as part of an educational or consulting program, the institution or consultant is the Data Controller, and 100facets acts as the Data Processor. You can access, modify, or delete your personal data through the platform’s interface. Requests for final deletion may also be addressed to the educational institution or consultant that controls your data.

6. Data Sharing

We do not share your personal data with third parties for marketing purposes. We may share your data with essential service providers that assist in the operation of the platform (e.g., cloud hosting providers, payment processors). All data transfers comply with applicable privacy regulations, including GDPR and FADP. If data is transferred outside of Switzerland or the EEA, we ensure appropriate safeguards, such as standard contractual clauses, are in place.

7. Anonymous Data Use

Once data has been anonymized, it will no longer contain any personally identifiable information. Anonymous and aggregated data may be used for research, product development, and benchmarking, even after the completion of the service. This data is retained for internal analysis to improve our platform.

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including legal or reporting obligations. Inactive accounts (those unused for 12 months) may be deleted after notifying the user via their registered email. Once an account is deleted, all personal data will be removed unless otherwise required by law. Anonymous data may be retained for research purposes.

9. Data Security

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. However, no system is completely secure. We encourage users to maintain strong passwords, update their contact information regularly, and notify us of any suspicious activity.

10. Data Breach Notification

In the event of a data breach, we will promptly notify affected users and relevant authorities, as required by GDPR, FADP, or other applicable regulations. Notification will be made electronically within 72 hours of becoming aware of the breach.

11. User Rights

You have the following rights regarding your personal data:

• Right to Access: You can view the personal data we hold about you.
• Right to Rectification: You can correct inaccurate or incomplete personal data.
• Right to Erasure (Right to be Forgotten): You can request that your personal data be deleted, subject to the Data Controller’s approval.
• Right to Restrict Processing: You can request limitations on how your data is processed.
• Right to Data Portability: You can request that your data be transferred to another service provider in a structured format.
• Right to Object: You can object to specific types of data processing.
• Right to Withdraw Consent: You can withdraw your consent at any time, where consent is the legal basis for processing.

To exercise these rights, log into your account or contact us at [email protected].

12. Children’s Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect data from children under this age. If we discover that we have collected data from someone under the age of 18, we will delete that information.

13. International Data Transfers

When transferring personal data outside of Switzerland or the EEA, we ensure that appropriate safeguards are in place, such as standard contractual clauses or reliance on other GDPR-compliant frameworks.

14. Changes to this Privacy Policy

100facets reserves the right to modify this Privacy Policy at any time. Significant changes will be communicated to users via email or platform notifications. We encourage users to regularly review this policy and the Terms of Use for updates.

15. Contact Us

If you have any questions or concerns about this Privacy Policy, you can contact us at: Email: [email protected] Data Protection Officer (DPO): Mohamad Razaghi